Metricon ‘06
Top Network Vulnerabilities Over Time
Vik Solem
August 1, 2006
Symantec Security Services
Network Vulnerabilities Data

Size of Data
• More than 1,000,000 vulnerability instances
• More than 1 year of data available

Type of Data
• Standard Nessus Vulnerability IDs

Set Selection
• Only Nessus Data
• 8 consecutive months of data
• No Informational Level Entries
Network Vulnerabilities

Top 10 Vulnerabilities
• 10 most reported vulnerabilities in the entire data set
• Shown over 8 months compared with all other vulnerabilities

Vulnerabilities Found In All Time Periods
• Only 23 vulnerabilities occurred in all periods
• Shown over 8 months
• Shown with top 10
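The two views described above can be computed from per-finding records as follows. This is an added example, not code from the presentation; the record layout `(month, plugin_id, severity)`, the severity labels, the function names, and the sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample records: (month, nessus_plugin_id, severity). Not real scan data.
# The tuple layout and severity labels are assumptions; 99999 is a placeholder ID.
SAMPLE = [
    (1, 10264, "high"), (1, 10264, "high"), (1, 10281, "low"), (1, 99999, "info"),
    (2, 10264, "high"), (2, 10281, "low"), (2, 10395, "medium"),
    (3, 10264, "high"), (3, 10281, "low"), (3, 10395, "medium"), (3, 10395, "medium"),
]

def drop_informational(records):
    """Apply the deck's set selection: no informational-level entries."""
    return [r for r in records if r[2] != "info"]

def top_n_ids(records, n=10):
    """The n most reported plugin IDs across the entire data set."""
    counts = Counter(pid for _, pid, _ in records)
    # Order by count descending, then ID ascending, so ties are deterministic.
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [pid for pid, _ in ranked[:n]]

def ids_in_all_periods(records):
    """Plugin IDs reported at least once in every month present in the data."""
    by_month = defaultdict(set)
    for month, pid, _ in records:
        by_month[month].add(pid)
    return set.intersection(*by_month.values()) if by_month else set()

def monthly_share(records, tracked):
    """Per-month percentage of findings per tracked ID; the rest go to 'other'."""
    tracked = set(tracked)
    per_month = defaultdict(Counter)
    for month, pid, _ in records:
        per_month[month][pid if pid in tracked else "other"] += 1
    shares = {}
    for month, counts in sorted(per_month.items()):
        total = sum(counts.values())
        shares[month] = {k: round(100.0 * v / total, 1) for k, v in counts.items()}
    return shares

if __name__ == "__main__":
    data = drop_informational(SAMPLE)
    top = top_n_ids(data, n=2)
    print("top:", top)
    print("in all periods:", sorted(ids_in_all_periods(data)))
    for month, row in monthly_share(data, top).items():
        print(month, row)
```

Feeding the union of `top_n_ids` and `ids_in_all_periods` to `monthly_share` gives the combined "top 10 plus those in all periods" view.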
Top 10 Vulnerabilities Over 8 Months

[Chart: percentage (0% to 100%) by month (1 to 8). Legend: other, 19407, 18405, 10916, 10915, 10914, 10900, 10899, 10395, 10281, 10264]
Vulnerabilities Found in All Time Periods

[Chart: percentage (0% to 100%) by month (1 to 8). Legend: other, 18405, 15901, 14773, 13651, 12280, 12255, 12110, 12085, 11915, 11367, 11267, 11239, 11137, 10934, 10647, 10595, 10539, 10498]
Top 10 Plus Those in All Time Periods

[Chart: percentage (0% to 100%) by month (1 to 8). Legend: other, 19407, 10899, 10914, 10915, 10900, 10916, 10395, 18405, 15901, 14773, 13651, 12280, 12255, 12110, 12085]
Top 10 Vulnerabilities

1. 10264: SNMP Default Community Names
2. 10281: Telnet Server Detection
3. 10395: SMB Shares Enumeration
4. 10899: Win Domain User Info (never logged in)
5. 10900: Win Domain User Info (password never expires)
6. 10914: Win Local User Info (never changed password)
7. 10915: Win Local User Info (never logged in)
8. 10916: Win Local User Info (password never expires)
9. 18405: Windows Remote Desktop MitM vuln
10. 19407: Windows Printer Spooler Vuln
Symantec Threat Report Top 10 Attacks (July-December 2005)

1. Microsoft SQL Server Resolution Service Stack Overflow Attack
2. Generic HTTP Directory Traversal Attack
3. Generic ICMP Flood Attack
4. Generic WebDAV/Source Disclosure HTTP Header Request Attack
5. Generic HTTP CONNECT TCP Tunnel Attack
6. Sendmail Header Processing/Prescan corruption Buffer Overflow Attack
7. Generic Cross-Site Scripting in URL Attack
8. Microsoft FrontPage Sensitive Page Attack
9. Generic X86 Buffer Overflow (TCP NOPS) Attack
10. Possible Incoming Malicious Attachment Event
Qualys “Laws of Vulnerabilities Report” Most Common Vulns (January 2006)

Part 1
• MS Object Library Buffer Overflow (CVE-2005-0057)
• MS Queuing Buffer Overflow (CVE-2005-0059)
• MS DoS & Priv Escalation (CVE-2005-0061)
• MS Exchange Remote Code Execution (CVE-2005-0560)
• MS Web Client Service Remote Code Exec (CVE-2005-1207)
• MS Color Mgt Module Remote Code Execution (CVE-2005-1219)
• MS PnP Remote Code Execution (CVE-2005-1983)
• MS Client Service Netware Buf Ovrflow (CVE-2005-1985)
• MS PnP Remote Code Execution (CVE-2005-2120)
• MS DirectShow Remote Code Execution (CVE-2005-2128)
• MSDTC & COM+ Remote Code Execution (CVE-2005-1980)
• MS Graphics Engine WMF Format Code (CVE-2005-4560)
Qualys “Laws of Vulnerabilities Report” Most Common Vulns (January 2006)

Part 2
• MS SMB Remote Code Execution (CVE-2005-1206)
• MS Print Spooler Remote Code Execution (CVE-2005-1984)
Next Steps

Split Data for Different Report Types
• Types of scans (internal vs. external)
• Types of scanners (Nessus vs. others)

Summarize Data for Vulnerability Categories
• Our top 10 includes 5 which could be called “Windows Information Leakage”

Generate in Real Time in the Attack Center
• As a job is completed display and compare to
  • Other jobs within the client
  • Other jobs overall
  • Other networks/scans of similar types
Questions?

Vik Solem
Principal Consultant
T. 617-768-2709
M. 617-308-3728

Thank You.